W32/FindVM.Q is a Trojan that may be dropped by other malware or may be downloaded from remote website by other malware. It may also be downloaded unknowingly by a user while visiting malicious Website.

Upon execution, the trojan drops winamp.exe in the Windows folder.

The trojan modifies registry at the following locations:


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Winamp Media Player HKEY_USERS\S-1-5-21-(SID)\Software\Microsoft\Windows\ShellNoRoam\MUICache\

More details can be found at this Proland Software page.